Microsoft has released Microsoft security advisory 2458511 to alert users of a vulnerability affecting all supported versions of Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Microsoft Security Advisory 2458511 and consider implementing the suggested workarounds or using the Microsoft Fix it tools provided in Microsoft Support article 2458511 to help mitigate the risks until a fix is available from the vendor.

US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.

US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:

Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help mitigate the risks. Additional information regarding the 'rcsL' chunk parsing vulnerability can be found in US-CERT vulnerability note VU#402231.